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A system for managing data privacy comprises a database 
management system for storing data from a plurality of 
consumer database tables, with irrevocable logging of all 
access, whether granted or denied, to the data contents 
stored in the consumer data tables; a privacy metadata 
system that administers and records al] data, users and usage 
of data that is registered as containing privacy elements; and 
a replication system that feeds the consumer access system 
with personal consumer data, maintains integrity of the 
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mechanism to provide input for changes in the personal data 
or privacy preferences. The system further includes means 
for managing consumer notification, access, correction and 
change of preferences for privacy or data protection in the 
privacy metadata system. 
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SYSTEM AND METHOD FOR MANAGING bousing application involves the collection and analysis of 

DATA PRIVACY IN A DATABASE information collected in the course of commercial transac- 

MANAGEMENT SYSTEM INCLUDING A lions between retailer outlets and retail consumers. For 

DEPENDENTLY CONNECTED PRIVACY example, when an individual uses a credit card to purchase 

DATA MART * an item at a retail store, the identity of the customer, the item 

purchased, the purchase amount and other similar informa- 
This is a continuation-in-part of application Ser. No. tion are collected. Traditionally, this information is used by 
09/165,784, entitled "PRIVACY-ENHANCED the retailer to determine if the transaction should be 
DATABASE," by Kenneth W. O'Flaherty, Richard G. completed, and to control product inventory. Such data can 
Stellwagen, Jr., Todd A. Walter, Reid M. Watts, David A. 10 also be used to determine temporal and geographical pur- 
Ramsey, Adriaan W. Veldbuisen, Renda K. Ozden, and chasing trends. 

Patrick B. Dempster filed on Oct. 2, 1998, now U.S. Pat. No. The data collected during such transactions is also useful 

6,253,203. in other applications. For example, information regarding a 

particular transaction can be correlated to personal informa- 

CR OSS -REFERENCE TO RELATED 15 \i on about the consumer (age, occupation, residential area, 

APPLICATIONS income, etc.) to generate statistical information. In some 

This application is related to the following co-pending cases > Personal information can be broadly classified 

and commonly assigned applications, each of which is two groups: information that reveals the identity of the 

hereby incorporated by reference herein: consumer, and information that does not. Information that 

U.S. patent application Ser. No. 09/165,457, entitled 20 * ™ul the tfentity of the consumer is useful 

"PRIVACY-CABLED LOYALTY CARD SYSTEM beca !f* * * f generate information about the 

AND METHOD," by Kenneth W. O'Flaherty, Reid M. P™*«* ^ochvilies of consumers with similar personal 

Watts, and David A. Ramsey, filed on Oct. 2, 1998; and characteristics. Personal information that reveals the identity 

' " ' * of the consumer can be used for a more focused and 

VS. patent application Ser. No. 09/165,777 U.S. Pat. No. 25 personalized marketing approach in which the purchasing 

6,275,824, entitled; "SYSTEM AND METHOD FOR bMls of wb m dj v idual consumer differentiates the 

MANAGING DATA PRIVACY IN A DATABASE approach ^ brings competitive advantage. 

MANAGEMENT SYSTEM," by Kenneth W. ,, , . . , T\. ,. ,, J , , • , u 

O'Flaherty, Richard G. Stellwagen, h , Todd A. Walter, . ^fortunately, v^e the collect™ and analysis of such 

Reid M. Watts, David A. Ramsey, Adriaan W. 30 °f «? be of gieat benefit, it can also be be subject 

W1JL . n J *s ^ *^ jn.J'i.n * of considerable abuse. It can discourage the use of emerging 

Veldhuisen, Renda IC Ozden, and Patrick B. Dempster ... . . _j j , u j 

a\*A - r\l* 1 moo. technology, such as cash cards and loyalty card programs, 

nlea on Oct. 2, 199o; ana , r °" - * ..' r , 

M and foster continuation of more conservative payment meth- 

U.S. Provisional ods such as cash and checks. In fact, public concern over 

832, entitled "SYSTEM AND METHOD FOR PRI- ri is bclievcd to ^ a factor holdi back the m{ici _ 

VACY ENHANCED DATA WAREHOUSING, by 35 J ated I xplosive h web commerce 

Kenneth W. O'Flaherty, Richard G. Stellwagen, Jr., r _ „ c . . t . e . . 

Todd A Walter, Reid M. Watts, David A. Ramsey, , Fo ' dl ° f # mcsc ^ cn 1*™"* ">^^ion is 

Adriaan W. Veldhuisen, Renda 1^ Ozden, and Patrick storcd m * aU T^ff 9 ^ * 

B. Dempster filed on Oct. 2, 1998. P 10 ?*? conlro1 te d * U to the ^ta subject from 

r 40 such abuse. As more and more data is collected in this, the 

BACKGROUND OF THE INVENTION computer age, the rights of individuals regarding the use of 

data pertaining to them have become of greater importance. 

1. Field of the Invention VVhat is needed is a system and method which provides all 
The present invention relates to systems and methods of the advantages of a complete data warehousing system, 

data warehousing and analysis, and in particular to a system A$ while addressing the privacy concerns of the consumer, 

and method for providing consumer notification, access. Consumers should have insight in what data about them is 

data correction and change of preferences for data privacy in subject to collection and use. 

a data warehousing system that includes a physically scpa- Therefore, it is the responsibility of those that process and 

rate but dependently connected data mart. control personal data to provide accurate and full disclosure 

2. Description of the Related Art 50 of what data is collected and processed, for what purposes, 
Database management systems are used to collect, store, and under what limits of use. This includes data which the 

disseminate, and analyze data. These large-scale integrated data controller has not collected directly from the consumer, 

database management systems provide an efficient, It is the obligation of a data controller to provide access to 

consistent, and secure data warehousing capability for the consumer of data which are being processed, in order to 

storing, retrieving, and analyzing vast amounts of data. Mcta 55 notify the consumer of the existence of a processing opera - 

Data Services are a comprehensive solution for managing tion and, where data are collected from him, accurate and 

metadata in complex data warehouse environments. Mcta full information to verify in particular the accuracy of the 

Data Services provides a solution for locating, data and the implied or explicitly stated preferences of 

consolidating, managing and navigating warehouse meta- privacy or data protection that has been agreed between the 

data. It also allows for setting aside an area from where all 50 data controller and the data subject and work directly with 

system aspects of privacy are registered, administered and the consumer to negotiate privacy preferences, 
logged in an audi table format. The ability to collect, analyze, 

and manage massive amounts of information through meta- SUMMARY OF THE INVENTION 

data has become a virtual necessity in business today, lb address the requirements described above, the present 

particularly when multiple hardware systems are involved. 65 invention discloses a method and apparatus for managing 

The information stored by these data warehouses can consumer notification and access and a means of correction 

come from a variety of sources. One important data ware- and change of preferences for privacy or data protection in 
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a data warehousing system including a physically separate FIG. 6 is a block diagrams illustrating the functions of the 

but dcpcndcntly connected data mart. privacy consumer access module and utility that supports the 

The apparatus comprises a database management system, privacy dependent data mart, 

for storing data from a plurality of consumer database tables, pjQ t 7 is a flow chart illustrating the total methodology 

with irrevocable logging of all access, whether granted or 5 for building privacy into a data warehouse or a data mart 

denied, to the data contents stored in the consumer data consisting of a Privacy Planning phase, a Design & Imple- 

tables, a privacy metadata system that administers and mentation phase and a Privacy Usage, Support & Enhance- 

records all data, users and usage of data that is registered as mem Qase 

containing privacy elements, a rephcation system that feeds 8 A and 8B provide a graphical representation of the 

the consumer access system with personal consumer data, 10 . ri ~?' T7/ T/ i^^ winw u f 

maintains integrity of the consumer data and provides 10 migration methodology that supports the implementation of 

changes and corrections back to the originating database ^e consumer access dependent data mart, 

management system through their own integrity filters as DETAILED DESCRIPTION OF THE 

well as a means of storage and the mechanism to provide PREFERRED EMBODIMENT 
input for changes in the personal data or privacy preferences. 

The method is supported by a privacy administrators In th * fo llowm g descnpUon, reference is made to the 

utility and includes procedures for migration of consumer accompanying drawings which form a part hereof, and 

data from any state or format into a consistent and present- wjuch is shown, by way of illustration, several embodiments 

able state in the consumer access dependent data mart by * P»«* m ?!*? L ? "J"* 18 *? 0thcr ' mb °t 

establishing a database logical data model and physical M ments may be utilized and structural changes may be made 

database design in the date mart with all the tables, views 20 ™*hout «■* "*P* of mc P rcscnt ™enUon. 

and macros needed to reflect all aspects of personal data and FIG. 1 is a system block diagram presenting an overview 

its identifiers, dependently coupled for integrity to the base of » warehousing system 100. The system comprises 

consumer database management system as a direct reflection secure data warehouse 102 having a database management 

of the tables in that system, extending database tables to ^ system 104 storing one or more extended databases 106 

store and retrieve privacy preference parameters for the data therein. 

stored in the database table, the privacy parameters collec- One important capability of a database management sys- 
lively reflected in a plurality of database views associated tern is the ability to define virtual table and save that 
with the data, accepting personal data and privacy param- definition in the database as metadata with a user-defined 
eters from the data source, possibly including sources exter- ^ name. The object formed by this operation is known as a 
nal to the data warehouse, storing the privacy parameters in dataview. As a virtual table, a dataview is not physically 
the columns associated with the data, providing notification materialized anywhere in the database until it is needed. All 
of and access to the data in the database table to a requesting accesses to data, other than for data administrative purposes, 
consumer solely through a privacy metadata services inter- would be accomplished through dataviews. Various data- 
face in accordance with the personal privacy parameters. 35 views exist for purposes of implementing privacy rules. 

Where possible the data models will be adapted to Metadata about the privacy dataview (including the data- 
accepted privacy standards, like P3P, to reflect the data types view name, names and data types of the dataview columns, 
and privacy sensitivity levels necessary and the consumer and the method by which the rows are to be derived) is 
privacy preferences, provide for an adapted system for stored persistently in the databases metadata, but the actual 
loading, formatting and maintaining data through Teradata 40 data presented by the view is not physically stored anywhere 
utilities provide a system for returning changes back to the in association with the derived table. Instead, the data itself 
source system and a utility that allows a privacy adminis- is stored in a persistent base table, and the view's rows are 
trator or data protection officer to manage the consumer derived from that base table. Although the dataview is a 
access system to legal specifications. The program storage virtual table, operations can be performed against dataviews 
device comprises a medium for storing instructions perform* 45 just as they can be performed against the base tables, 
ing the method steps outlined above. The secure data warehouse 102 further comprises a suite 

BRIEF DESCRIPTION OF THE DRAWINGS ° f P™^^ d *™f' w 108 U,r0 "^ * h j ch a " daU 1 . in 

the extended database 106 arc presented. Data within the 

Referring now to the drawings in which like reference extended database 106 can be viewed, processed, or altered 

numbers represent corresponding parts throughout: SQ only through the dataviews in this suite. The schema and 

FIG. 1 is a system block diagram of an exemplary logical model of the extended database and dataviews is set 

embodiment of a data warehouse system; forth more fully herein with respect to FIG. 2. 

FIGS. 2A and 2B illustrate a graphical representation of Virtually all access to the data stored in the extended 

the privacy logical data model that supports the implemen- database 106 is provided solely through the dataview suite 

tationof both the data warehouse and a dependent data mart; 55 ifjg. Thus, retailer applications 110 and third party applica- 

F1G. 3 is a block diagram presenting an illustrative tions 112 have access only to such data as permitted by the 

example of the structure of privacy-extended customer database view provided. In one embodiment, provision is 

tables stored in the data management system and the data- made to permit override of the customer's privacy prefer- 

base views that provide virtual separation between different ences. However, in such circumstances, data describing the 

user types and the actual data; ^ nature of the override is written to the database for retrieval 

FIGS. 4A and 4B illustrate a data warehouse with a by the audit module 118, so that the override cannot occur 

physically separate but dependently connected, privacy surreptitiously. Further, overrides may be monitored by the 

dependent data mart and the functions associated with the privacy metadata monitoring extensions 114 to provide an 

data mart; alert to the consumer when such overrides occur 116. 

FIG. 5 is a block diagram illustrating (be functions of the 65 The limiting access to the data stored in the extended 

privacy administration utility that supports the privacy database 106 to access provided by the privacy dataview 

dependent data mart. suite 108 for purposes of implementing privacy rules pro- 
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vides the capability to make the personal data anonymous metadata monitoring extension 114 to trigger an alert when 

(through the anonymizing view described herein), to restrict the consumer's personal information is read from the 

access to opted-out columns, which can apply to all personal extended database 106, when personal information is written 

data, separate categories of personal data, or individual data to the extended database 106, when opt-out delimiters stored 

columns, and to exclude entire rows (customer records) for 5 in the extended database are changed, or when a table or a 

opted-out purposes — a row is excluded if any of the appli- dataview is accessed. The metadata monitoring extension 

cable opt-out flags is on for the customer in question. 114 also records data source information, so customers can 

Using a client interface module 122 that communicates determine the source of the data stored in the secure data 

with the dataviews 108, a client 124 can access, control, and warehouse 102. The data source may be the customer, or 

manage the data collected from the client 124. This data "> may be a third party intermediary source. This feature is 

control and management can be accomplished using a wide particularly useful when the consumer would like to not only 

variety of communication media 140, including the Internet correct erroneous information, but to determine the source of 

126 (via a suitable browser plug-in 125, a modem 130, voice the erroneous information so the error will not be replicated 

telephone communications 132, or a kiosk 134 or other ™ s*mt database or elsewhere. 

device at the point of sale. To facilitate such 15 The metadata monitoring extension 114 can also be used 

communications, the kiosk or other device at the point of to support auditing functions by tracking reads or writes 

sale, can issue a smartcard 136 or a loyally card 138. The from the extended database 106 as well as the changes to the 

kiosk/pos device 134 can accept consumer input regarding dataview suite 108. 

privacy preferences, and issue a smartcard 136 or loyalty The described system can be implemented in a computer 
card 138 storing information regarding these preferences. 20 comprising a processor and a memory, such as a random 
Similarly, when using the kiosk/pos device 134 and the access memory (RAM). Such computer is typically opcra- 
smartcard 136 or loyalty card 138, the consumer may update tively coupled to a display, which presents images such as 
or change preferences as desired. In cases where the loyalty windows to the user on a graphical user interface. Thc 
card 138 is a simple read only device (such as a bar-coded computer may be coupled to other devices, such as a 
attachment to a key ring), the kiosk/pos device 134 can ^ keyboard, a mouse device, a printer, etc. Of course, those 
accept issue replacement cards with the updated information skilled in the art will recognize that any combination of the 
as necessary. Transactions using the loyalty card 138 or above components, or any number of different components, 
smartcard 136 are selectably encrypted. Either card may peripherals, and other devices, may be used with the corn- 
interact directly with the server or through a plug-in to putcr. 

implement the security rules selected. *> me computer operates under control of an 

Through this interf ace, the c onsume? ftpeoify d&U operating system stored in the memory, and interfaces with 

^sharing end <> ff^ffj^SjSBESS!S!^^^^^^ :1Cr tne user 10 &cce P t m P uts an( * commands and to present 

^Wfflffifil&ti^^ results through a graphical user interface (GUI) module. 

* infonn*l^ Although the GUI module is typically a separate module, the 

example, the consumer may permit such data retention as a instructions performing the GUI functions can be resident or 

^ggjjj^^flo^J^^ distributed in the operating system, an application program, 

'Mi^d ^ ®^|Hfiftidlll^^6<^ Fur&*Hh£3fflNnH^ or implemented with special purpose memory and proces- 

», s ?!^»fe^a^*S^i^iii^iBW so*' The computer may also implement a compiler that 



4, allows an application program written in a programming 

elective mlVieiMg^gjratns. language such as COBOL, C++, FORTRAN, or other lan- 

The data warehousing system 100 also permits use of guage to be translated into processor-readable code. After 

anonymous data within the data warehouse 102 via a privacy completion, the application accesses and manipulates data 

service 150. When the user desires anonymous data, the stored in the memory of the computer using the relationships 

transaction is routed to the privacy service 150. ThMcuMgy 45 and logic that was generated using the compiler. 

> -v^j&Sf jS^sS I^^^ ^^^ »flrt ^lf i ft t jj^^ r In one embodiment, instructions implementing the oper- 

^^^Wf^^^^^ l^^^ ^^^^^g^L^y^^*^ atm S system, thc computer program, and thc compiler arc 

<3pecn thy mronM^ tangibly embodied in a computer-readable medium, e.g., 

* the ioeSlW^w^inF feoKu The data storage device 170, which could include one or more 

cleansed transaction information response is then forwarded 5Q fi xec j or removable data storage devices, such as a zip drive, 

to the anonymity protection interface module 160 in the floppy disc drive, hard drive, CD-ROM drive, tape drive, 

secure data warehouse. Communications with thc secure c tc. Further, the operating system and the computer program 

data warehouse 102 use a proxy user identification, which is m comprised of instructions which, when read and 

created by thc privacy service 150 from thc customer's executed by the computer, causes the computer to perform 

username or other identifying information. If the customer 55 mc s \tps necessary to implement and/or use the present 

docs not require anonymous data, the transaction is provided invention. Computer program and/or operating instructions 

directly to thc retailer who may store the transaction infer- ma y also be tangibly embodied in memory and/or data 

mation response in the extended database. communications devices, thereby making a computer pro- 

Sioce it alone provides access to data within the extended gram product or article of manufacture according to the 

database, the dataview suite 108 also provides a convenient & invention. As such, the terms "program storage device, 

and comprehensive means for auditing the security of the "article of manufacture" and "computer program product" as 

secure data warehouse 102. used herein are intended to encompass a computer program 

The secure dala warehouse 102 also comprises metadata accessible from any computer readable device or media, 

monitoring extension 114. This extension 114 allows thc Those skilled in the art will recognize many modifications 

customer (o generate a rule to monitor thc use of personal 65 may be made to this configuration without departing from 

data, and to transmit an alert 116 or callback if a metadata the scope of the present invention. For example, those 

definition change occurs. The customer can control the skilled in the art will recognize that any combination of the 
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above components, or any number of different components, 
peripherals, and other devices, may be used with the present 
invention. 

FIGS. 2A and 2B provide a diagram showing the logical 
model of the secure data warehouse 102 and the dataview 
suite 108 in greater detail. The extended database 106 
comprises a customer table 200, which is segmented into 
categories of personal data: such as phone 218, address 216, 
demographic 202, employer 204, financial account 210, 
navigation history 214, transaction history 206, and online 
contact 208. Each personal data category also has an asso- 
ciated consent table: such as phone consent 238, address 
consent 234, demographic consent 230, employer consent 
220, financial consent 228, navigation consent 232, trans- 
action consent 226, and online contact consent 224. Hie 
consent tables specify data reflecting the privacy 
preferences, or "opt-outs", for the accompanying data. In the 
disclosed embodiment, these privacy preferences include 

sumer 242 ^> a 0 D f °" y S d Sto ^ 0 ^ na ; f da ^^^^w^SMM!^ 

decisions 244, and (5) disclosure or use of SDW »PP U f Iions ("Class B») m»y perfo 



10 



15 



into the data in the customer table 106 in accordance with 
the values placed in the data control columns. 

The standard view 360 will not present personal data 
unless either the flag in column (indicating that the personal 
information and identifying information can be dissemi- 
nated or indicating that personal information can only be 
disseminated anonymously) is activated. Hence, the stan- 
dard view 360 selectively masks personal data from view 
unless the consumer has set the appropriate flags to the 
proper value. 

Scaleable data warehouse (SDW) customer Data Base 
Administrator's (DBA) 151 set up views into customer 
tables (any tables containing personal information about 
their customers), controlled by the Data Protection Oflices 
152, such that, for routine users, all columns of personal 
information are hidden. 

to view, 
~ is a 




(4) disclosure 
automated 

sensitive data 246. Start and end dates are also maintained 
within the consent tables for historical tracking of consumer 
consent options. 

In the logical data model, the individual consent tables 
allow very fine-grained selection by the consumer of privacy 
preferences. For example, the consumer could opt-in to third 
party disclosure of her phone number, but opt-out to third 
party disclosure of her address. The model also allows 
privacy preferences that apply across the entire consumer 
record, store in the privacy consent codes table 236rfl»e 
automated decision code 244 allows consumers to indicate 
whethbf th6!r data" could be used to perform automated 
processing . the sensitive data code 246 allows consumers to 
pefmrdls^H^6A^f sensitive data. 

In one embodiment, an NCR Corporation TERADATA 
database management system is utilized to implement the 
foregoing logical model. This implementation has several 
advantages. 

First, the TERADATA database management system's 
ability to store and handle large amounts of data eases the 
construction of the many different views and allows the 
secure data warehousing system 100 to utilize a logical data 
model is in or close to the third normal form. 

Second, unlike systems which execute SQL queries as a 
series of selections to narrow the data down to the dataview 
subset, the TERADATA database management system 
rewrites data view-based queries to generate the SQL that 
selects the necessary columns directly from the appropriate 
base tables. While other views materialize entire tables 
before narrowing down the data to the view subset, TERA- 
DATA generates SQL that selectively pulls appropriate 
columns and rows into the result table. This method is a 
particularly advantageous in implementing the foregoing 
logical model 
Third, the foregoing logical model generally results in 



orm 

analysis on personal data, in order to gain insight into 
25 customer behavior, e.g. to identify trends or patterns. Such 
applications may be driven by end-users (knowledge work- 
ers or "power analysts") performing "ad hoc" queries, 
typically using either custom-built software or standard 
query or OLAP Tools, where the end-user spots the patterns. 
30 They may also involve the use of data mining tools, where 
statistical or machine learning algorithms, in conjunction 
with the analyst, discover patterns and from them build 
predictive models. 

FIGS. 4A and 4B illustrate a data warehouse 400 with a 
35 physically separate but dependently connected, privacy 
dependent data mart 500 and the functions associated with 
the data mart. The data warehouse includes a data base 
management system 404 storing one or more database tables 
406 containing personal data ifctymmt&tio* between 
%M th6 privacy aeffeWtent'dati mart 
Hm\ 418,'meUulal* ^stem <414, and 

^jjMLajMl<OT metadata 
IcaOTSlf modules contained within 
MftrtSOO. fn thte embodiment, each 
Igg^^jrotei separately to the v dati (e^ig. 

dTepolls^l^licallrt daU>. For 
tjtimttaiiBfrAD'jQnlv vcrsioo 



SF BffiffiffiR^D^0£ffi|^i , te the structure and 
l^tt*mput to the data oontpnts or 

frtf^WWWttm OA6 limited for* totality. 
These limitations can be selected by entering the proper 
combination of integrity and preference. The present inven* 
55 tion permits the expansion of the above described privacy 
preference paradigm to a similar system of multiple func- 
tions of consumer information and preferences, based upon 
the same detail of customer preferences. 



45 T& 

cl 

4U % 



314 




fcange dat 
(e.g. providing au 



In the privacy dependent data mart embodiment, the 
dataviews, which include complex queries and wide SQL 60 security and privacy protection features of the extended 
expressions. The TERADATA database management system database are further enhanced with the use of privacy access 
is particularly effective at optimizing such queries and SQL logging ^70tba^ 

expressions. ^<^dttt»^S^ change 

FIG. 3 illust rates a nu mber o f dataviews that arc provided 3a{3 SftiTa's 7 fttovioVtJ %y the ;atsJomer that examines their 
in the dataview suite 108. These dataviews include a stan- 65%*iWdataiutf ttfefert^ 

dard view 360, a privileged view 362, an anonymizing view on-hoc Of lrfj jjajjFi^^ clT s 

364, and an opt-out view 366. These views limit vmMity ^waordwr^^ 



sback 
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In one embodiment, external data in various formats 592, Logical Data Modeling — This service produces the atlrib- 
594 and 596 might be allowed to enrich the consumer data uted logical data model and/or star schema for the initial 
590 through an additional privacy data source filter, and implementation of the Dependent Data Mart. Activities in 
selectively applied to the consumer personal data. This this service include confirmation of requirements and gen- 
technique allows external customers data to be automatically 5 eration of the data model showing relationships and 
flagged (e.g. for authentication purposes), but could allow attributes. The data model is crucial to a Dependent Data 
for exclusion of processing for return of change data back to Mart solution to ensure that the proper business focus and 
the data warehouse. flexibility are maintained in the solution. The data model is 

FIG. 5 is a block diagram illustrating the functions of the D0 | specific to a platform or database and is separate from 

privacy administration utility 540 that supports the privacy 1Q my physical dependencies. The data model for the Depen- 

dependent data mart. dent Data Mart may ^ either a i og j ca ] dala mode i derived 

FIG. 6 is a block diagram illustrating the functions of the fr om tne enterprise data warehouse, or a star schema data 

privacy consumer access module 530 that supports the model. 

privacy dependent date mart Architecture Dcsign-Tnis service produces the infra- 

FIG. 7 is a flow chart lUustrating the total methodology u strucmrc for mc ^ implcmcnlation of mc Dependent 

for building privacy into a data warehouse or a data mart Data ^ AaMkB {q ^^cc include confirmation of 

consisting of a Solution Planning phase, a Design and . 4 . »• r*u * »u * r a 

Implementation phase and a Solution Usage, Support and ^^^7"!^ 

EnLncementphasc.Ttefunctionsofthe Privacy Discovery the Dcpentopl Data Mart, the Dependent DaU l Mart iteelf 
service 610 arc to provide education, determine the business ? d < hc architecture for the return of changed data back to 
requirements, and set the scope to be accepted by the 20 * c dat& warehouse. The architecture model is crucial to a 
business. Privacy Assessment service 620 is based on the Dependent Date Mart solution to ensure that the proper 
outcome of Privacy Discovery and executes a GAP analysis technical focus and flexibility are maintained in the solution, 
against the functional, data, and technical requirements for Ths architecture model is specific to a platform and database 
Privacy and uses these evaluations as input for the Business and is based on its physical dependencies. 
Impact Assessment which quantifies the impact that implc- 25 Physical Database Design — This service provides the 
mentation choices will bring to the current business in terms client a physical database design optimized for dependent 
of investment and revenue opportunity, positive or negative. date mart. The primary activities of this service are: trans- 
Privacy Assessment also creates an implementation blue- ] aung the data model to a physical database design, database 
print of the changes needed in infrastructure and business construction, design optimization, and functional testing of 
practices to enable a data warehouse for Privacy. This 30 mc constructed database. 

SfiiS SSt'EfSS? A f t 0D d Design ?■ ue T ^tT^t™ T 

base Management, Tools and utilities all built around an ^ V ^nTuT^? SS,*" 7 rl n 

integrated Metadata system. After completion of an imple- *» j 0 ' "* Dependent Data Mart Solution Utihzng a.GUI 

menlation of Privacy in a d»U warehouse environment a , 5 ba8e f. too1 ' .f^f to . ""J"" °[ a £f e d n **° n A bu f ?" 

Privacy Review «90 is recommended to evaluate whether 35 ZTT P , ° • ,he De P eB * Bl Da,a 

the implementation goals for infrastructure change has been Ma ? The Apphcabon Deugn serv.ee develops 

met aid what Data Warehouse Contributions have been a PP"cauons mat enable review and input for change based 

achieved. This service also prepares for audiUbility by EDP ~ ^^L^. COQSUmCr daU ' da ' 8 sun, ™» 6S > 4nd 

Auditors or Privacy or Data Protection regulators. ^ s *£ C ta ^ ncs ' . „ . . 

FIG. 8 is a flow chart illustrating the specific methodology . Data Transformation and Replication This semce 

for building the Consumer Access Dependent Data Mart and ^ UUl *" ft P TT 

j * j •*» • ci e tnma that allow the dependent data mart database to be 

rn.gra.mg consumer aa.a ana a s accompanying pronie lor ^ lo&ded ro4iflUined . ^ 

service locates, 

privacy preferences from a date warehouse and other data . C J ^ . _ ..... . 

» »u a* . transforms, replications, transports, and loads data onto the 

sources to tne data marl. 45 . 4 , 4 J r . . . , . 5 . . ... 

w n • w - target platform. Included is the operational planning that 

Project Management— Project Management is critical to ^ reloadin or i ncrcme ntal loading of the dependent 

the success of Dependent Data Mart Migration to meet daU maft Qn & basis D4ta ^tnsformaUon and 

obligations to the customer and for me climiiuUon of 'scope naktioa for £ Dep endent Data Mart Program will 

creep , a project plan « required fo " U j^^^°^ normally be executed using Teradata utilities. 

h ^ Mart Management-l.is service encompasses the 

703 (Target Da\a) and 704 (Data Mart^ysical Design 705 ??™> ^ S™?"* s rale f * 

(Business Profile) and 706 (Consumer Profile) and Appli- 7* ^l 5 ,"™*? ™ l mc " de 

cation Design 707. Each step in the Design Phase covins . ProducUon, this is the respon- 

Education, Interview and Workshop elements that accom- 55 V . corner. 

pany the tasks necessary to complete the input into the next . Documentation— This service encompasses the Integra- 

phase. Also, Logical Date Modeling 701 feeds information Uon Tes !' Mc <f * ala R^tr^on, Audit Testing and Ous- 

into Architecture Design 702, Physical Design 703 and toine 5 CWomcr Education is key to any data 

Application Design 704. warehouse or dependent data mart success and is included as 

Project Management also passes the plan from the Design 60 ^ of *f ^ 

steps to the Implementation services for Date Sourcing 7M, stADdwd Data Warehouse Implementation services elements 

Data Loading and Management 730, Information Access m ' 

740, Changed Data Return 750 and Data Mart Management Logical Data Model 

760. The NCR project management methodology is the Physical Data Base Design 

single point of contact with the customer. Project managers 65 Extract, Transfer, Move and Load scripts 

arc responsible for all aspects of the Dependent Data Mart System Management Integration 

program. Audit and Control Plan 
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There are many types and uses of metadata including: 
Business rules and definitions, Directory of warehouse 
users, developers, users, etc., Database schema's and views, 
Transformational mappings, Source database logical 
models, Target warehouse models including data marts, 5 
Refresh frequency of data, Security, Reports, Performance 
metrics, and Computing system components. Thus, the 
content of metadata is evolved during Privacy Implementa- 
tion from merely a logical model of the source and target 
databases to full integration with business rules to informa- 10 
tion about information system resources. 

The foregoing description of the various embodiments of 
the invention has been presented for the purposes of illus- 
tration and description. It is not intended to be exhaustive or 15 
to limit the invention to the precise form disclosed. Many 
alternatives, modifications, and variations will be apparent 
to those skilled in the art of the above teaching. Accordingly, 
this invention is intended to embrace all alternatives, 
modifications, and variations that have been discussed ^ 
herein, and others that fall within the spirit and broad scope 
of the claims. 

What is claimed is: 

1. A data warehousing, management, and privacy control 
system, comprising: 25 

a database management system, for storing and retrieving 

customer data; 
a privacy metadata system that administers and records all 

customer personal data, users of said customer personal 

data, and usage of said customer personal data; 
a replication system providing communication between 

said database management system and said privacy 

metadata system; and 
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a database management system interface operalively 
coupled to the database management system and con- 
trolling access to said customer data and to said cus- 
tomer personal data through said replication system. 

2. The data warehousing, management, and privacy con- 
trol system according to claim 1, wherein: 

said replication system provides customer personal data 
from said database management system interface to 
said privacy metadata system. 

3. The data warehousing, management, and privacy con- 
trol system according to claim 1, further comprising: 

a customer access module operatively coupled to the 
privacy metadata system and providing a customer with 
means to access data, correct data and change of 
preferences to customer personal data related to said 
customer. 

4. The data warehousing, management, and privacy con- 
trol system according to claim 1, wherein: 

said replication system provides changes and corrections 
to said customer data from said privacy metadata 
system to said database management system. 

5. The data warehousing, management, and privacy con- 
trol system according to claim 1, wherein: 

said database management system interface provides 
access to said customer data and to said customer 
personal data in accordance with privacy parameters 
stored in said database management system. 

6. The data warehousing, management, and privacy con- 
trol system according to claim 1, further comprising: 

a privacy access logging system that captures and records 
all access attempts to said customer personal data. 

***** 
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[57] ABSTRACT 

A database interface and associated communication 
program are installed in each node in a communication 
network. The database interface provides a translation 
from the record format of the database and a standard- 
ized format for transmission to other nodes thus provid- 
ing translation between the formats of the different 
databases formats as records are transmitted between 
the databases on different nodes. The communication 
program transmits records that have been translated to 
the standardized format to nodes which contain corre- 
sponding records maintaining current records at each 
node. A node having a corresponding node can assign 
an owner. Assigning an owner causes the record to be 
sent to the database that is associated with the new 
owner. The owner has the responsibility for acting on 
the record. The originator of the record is also identi- 
fied. 

15 Claims, 6 Drawing Sheets 
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updates corresponding records at different databases 
DATABASE COMMUNICATION SYSTEM THAT with a minimum of burden on the users. 

PROVIDES AUTOMATIC FORMAT MTWW ™ ^ „ m ^^^^ 

TRANSLATION AND TRANSMIS SION O F SUMMARY OF THE INVENTION 

RECORDS WHEN THE OWNER IDENTIFIED FOR 5 It is an object of the present invention to provide an 
THE RECORD IS CHANGED improved communication system which addresses the 

above needs. 

BACKGROUND OF THE INVENTION i n accordance with an embodiment of the present 

This invention relates to a communication system in invention, a database interface and an associated com- 
which records are stored in independent databases and ^ muni cation program are installed at each node in a 
more specifically relates to communicating and updat- communication network. The database interface pro- 
ing corresponding records in the different independent vides a translation between the record format used at a 
databases. This invention is especially, but not exclu- database and a common standardized record format, 
sively, suited for intercompany database record sharing Thus, the database interface provides an inbound and 
such as between an equipment manufacturer and its 15 outbound translation of fields within a record in order 
customer. to provide compatibility with varying databases utilized 

A variety of communication networks exist which at different nodes. The standardized format is used by 
can transmit data files from an origination node (NODE the communication program to transmit record infor- 
O) to a destination node (NODE D). However, such a mation to the other nodes in the system. The communi- 
transmission may not achieve the goal of transferring 20 cation program provides a means for transmitting re- 
the desired information from NODE O to NODE D in cords and updates of records to the nodes in the nct- 
a form readily usable at NODE D. As an example, wor fc w hi c h need to maintain duplicate records. This 
assume that the information to be transmitted by co mmuni cation capability is substantially automated to 
NODE O is a record created in NODE O's indepen- nunimize user demands, 
dent, local database. If the objective is to create a dupli* 25 

cate record in an independent, local database at NODE BRIEF DESCRIPTION OF THE DRAWING 

5k™ ™ u rCCOrd °^ ^J^SfJS^ ^ FIG. 1 is a block diagram of a typical network which 
NODE D's database assuming both NODE O and „ cm Sient of the present invention. 

NODE D utilize the same database and the same field FIG. 2 is a block diagram of a typical node in the 
formats. If the database at NODE D is not directly 30 oxigram oi a typical noae in me 

^^onRj?!^^^^^ ffELSrf ^ 3 * a *»*ram which illustrates the relationship 
user at NODE D must manually translate the received betwccn interface software and cornmunica- 
record mto a record m the local database format. It is 2 " !" , . ~f 
apparent that substantial inefficiencies exist where dif- ^on software in accordance wi h to present invention, 
ferent database formats are utilized. If the databases 35 MO - 4 * a dja 5 ram whlch ulustrates the mapping of 
utilized by NODE O and NODE D are controlled by a local ^base record mto a standardized record for- 
independent companies, it is unlikely that each com- a f cordanoc * e P rcscnt invention, 
pany will utilize the same database software. Even if the . mG ' 5 dlustxates 60 embodiment of a commumcaUon 
companies did utilize the same database software, it is directory and file structure in accordance with an em- 
even more unlikely that each will have created a sub- 40 bodimcnt of present invention, 
stantially identical record format structures because of FIGS. 6 and 7 comprise a table that illustrates param- 
the different needs of each company. etcrs utilized with each record in accordance with an 

It is possible to address this problem by u tilizin g a embodiment of the present invention, 

single database which can be accessed by a variety of F* 0 - 8 * a flow diagram illustrating the transmission 

users. Such a solution has the disadvantage that all of 45 °f a record from a node in accordance with an embodi- 

the users must agree to utilize the same format and ment of the present invention, 

agree to a common set of rules regarding use and access FIG. 9 is a flow diagram illustrating receipt of a re- 

of the database. It is difficult to achieve agreement cord from another node in accordance with an embodi- 

among independent companies, or even different parts men' of the present invention, 

of the same company, because of their differing needs 50 twtatt nr> npcrprimnM 

and objectives regarding database capabilities. UfclAUJ^U OcoCKlr I ION 

Difficulties would still exist even if independent com- An exemplary application of the present invention 
parries utilized the same database software and record follows in order to appreciate the advantages of the 
format Although the common structure of the database present invention. Assume that a provider of telecom- 
records would enable records to be communicated over 55 muni cations equipment is coupled via a communication 
a conventional communication network and entered system to a plurality of independent users of its equip- 
into another database, difficulties exist in maintaining ment A trouble ticket, i.e. a documented problem with 
duplicate records in different databases where the re- a failure of user owned equipment, is entered by a user 
cord can be updated by a user at any of the independent in an independent database controlled by the user. If the 
databases. Although it is possible to establish rules re- 60 trouble ticket relates to equipment supplied by the man- 
quiring that new and modified records be transmitted to ufacturer a copy of the trouble ticket is forwarded uti- 
others in the netw rk, this places a substantial burden lizing the database interface and communication pro- 
on each user in systems where it is desirable to maintain gram in accordance with an embodiment of the present 
duplicate records at different databases so that inforrna- invention to a corresponding field support organization 
tion can be locally accessed. 65 of the equipment provider. If this organization is able to 

Thus, there exists a need :for a communication system solve the problem, the duplicate ticket stored in a data- 

which provides flexibility by allowing individual nodes base of the support organization is modified indicating 

to utilize different databases and which automatically the solution or other relevant information relating to the 
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problem and transmitted to the originating user. If the with the database interface and permits the standardized 
organization is unable to solve the problem, it sends a record to be transmitted to a direct support node. A 
copy of the ticket to a different organization within the database interface at the support nod translates the 
company with greater technical expertise and sends an standardized record into the appropriate format for the 
update of the same ticket back to the user so that the 5 independent database maintained by the support node, 
user is apprised of the status of the trouble ticket As- The support node acknowledges receipt of the record 
snmi n g the higher level organization solves or other- to the user. Preferably, the direct support node gencr- 
wise handles the problem, the higher level organization ates an electronic mail (e-mail) message to an assigned 
updates the trouble ticket and sends a copy of the up- support person, advising of the receipt of a problem 
dated trouble ticket back to the field support organiza- 10 ticket After the direct support person considers the 
tion which in turn sends the update to the end user. problem as documented by the user's record, the record 
Assuming the end user is satisfied with the solution to ^ typically be updated by the assigned support person 
the problem indicated on the updated trouble ticket, the to contain additional information and may request addi- 
ticket is updated and closed by the user with copies of tional information from the user relevant to the prob- 
the update being sent to the field support organization 15 i m The rccor< i a t the support node is updated in the 
and the higher level technical organization. Each orga- support node database and communicated to the origi- 
nization dealing with the trouble ticket is apprised of all %Jset m standardized format The database inter- 
updates to the trouble ticket by any involved party. face at the user node translates the received update from 
However, each of the parties (nodes in the communica- standardized format to the record format used at the 
tion system) are free to maintain an independent date- 20 user , J loca j diabase. Thus, each node in the system 
base so that each can independently maintain statistics which ^5^^ a trouble ticket maintains an updated 
and otherwise utilize the information according to the ncQTd regardlcss of ^ ^ mMng m update . p^. 
needs ot eac . ably, me person at the user ncxle is noting by e-mail 
Jitt^^^^^StrT^H 25 tadL** *at the record has been updated and thus, 
Kf£££ftia£S£ should be reviewed for possible additionai actio. H™, 

entrthose sUd in .heart that the utility of theses- ^^^^S^ZT^ 

cut invention is not limited to this application. T ; » , . , , 

FIG. 1 illustrates a communication system in which a *» «?~*™* P»W«n while Rowing each to 

«.i««aiu« *r in^n 1 , #A m maintain an independent database which can be tailored 

plurality of user nodes 10-20 are coupled to support 30 mkIZI* n(W i, rtf *t,_ nM Ar%A fh/ > MMMrt 

nodes 22 and 24 which are in turn coupled to central to m ?f nccd * of the user and the support 

support node 26. In the illustrative example, service pr 2^? c ^ .„ . , 

providers at nodes 22 and 24 are in a direct support level J FIG. 2 illustrates a typical node in a system m accor- 
and have sufficient expertise to solve many of the prob- ^ ***** mvention. The node includes a 
lems posed by the users which they support Technical 35 microprocessor (MPU) 28, ^associated memory in- 
experts at node 26 provide corporate support to users eluding read-o^y memory (ROM) 30, random access 
for problems which the service providers at the direct memory (RAM) 32, and alternate memory storage 34 
support nodes cannot solve. The direct support nodes 5Uch M . a ^ k or Conventional input and 
are also connected to each other so that problem solv- out P ut devices associated with MPU 28 include a key- 
ing expertise can be shared at the direct support level A 40 board 36, a video display terminal 38, and a communica- 
communication network 27 provides communication tion module 40 which enables co mmunicati ons between 
channels among the nodes. MPU 28 and a communication network 27. The node as 

This embodiment of the present invention is espe- shown in FIO. 2 can be used for any of the nodes as 
cially well suited for utilization in the illustrative sys- shown in FIO. 1. The communication network 27 may 
tern, especially when the equipment and/or software 45 comprise either the public switched telephone network 
supplied to users is complex. For example, users may sucn 85 Dv modems or may comprise dedicated leased 
encounter difficulties in configuring the equipment to 1*°** between the users and connected nodes, 
properly interface with other peripheral equipment or F 10 - 3 » a pictorial representation of the relationship 
in customizing the operation of the equipment pursuant among software in accordance with the present inven- 
to a desired customer configuration. Help with such SO UOJL Local database software 46 receives input from the 
problems can normally be provided by the service pro- user And provides output to the user of stored records, 
viders at the support nodes. Another class of problems The database interface 44 translates the relevant fields 
which users may encounter deal with failures or errors m a record stored in the local database 46 into corre- 
in the basic operation of the equipment Some of these sponding fields in a standardized record format Re- 
problems may be solved by personnel at the support 35 cords retrieved via interface 44 from the local database 
nodes, but other problems will require the greater tech- are likewise translated for transmission by communica- 
nical expertise available from the t^fr n ^1 experts at tion program 48 to. communication network 27 in the 
the central support node. standardized record format The standardized record 

In the illustrative example, a user documents a new format allows individual nodes to maintain different 
problem by entering appropriate information describing 60 local database software programs and define Melds 
the equipment, nature of the problem, and other param- within records to meet the needs of the associated users 
eters utilizing the user's database. The user preferred of the node. The local database may consist of conven- 
f rmat for storing tnf rmation in the local independent ti nally available database s ftware including flat file 
database is translated into a standardized record format and relational types. In order to minimize the overall 
by a database interface which is coupled to the local 65 communication network requirements in order to han- 
database. After the information is translated into the die the transmissi n f records, each of the nodes pref- 
standardized record format, a communication program erably utilizes a UNIX ® operating system which ta- 
in accordance with the present invention interfaces herently contains communication support 
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FIG. 4 graphically illustrates how the database inter- standardized records are translated utilizing the data- 
face 44 interfaces with the local database 46. The stan- base interface 44 and then stored in the local database of 
dardized record format 50 is defined and stored in data- the node. To transmit a record stored in the local data- 
base interface 44. It is related to a local database record base 46 of the node, the record is translated by the 
format 52 utilized by the local database 46. The stan- 5 database interface 44 and a copy of the standardized 
dardized record format 50 includes fields A-N which record placed in the corresponding subdirectory of the 
define different information parameters which can be destination node under OUT directory 64. The comma- 
communicated within the network shown in FIG. 1. nication program 60 periodically scans the files in the 
The local database record format 52 includes fields 1-99 OUT subdirectories and transmits the records via node 
which correspond to parameters determined by the 10 directory 56 to the destination node in communication 
operator of the node for possible storage in local data- network 27. After the transmission of the outbound 
base 46. The lines 54 which interconnect one field in record, a duplicate copy of the record is placed in a 
format 50 with one field in format 52 identify the trans- corresponding subdirectory under HOLD directory 66; 
lation or mapping which will occur when transferring the transmitted record in the subdirectory under OUT 
records 52 stored in local database 46 to other nodes in 15 directory 64 is deleted. If an acknowledgement is not 
the system. Each of the fields in record format 50 are received from the destination node within a predeter- 
preferably supported by a corresponding field in record mined time, an attempt to retransmit the record is re- 
format 52. The standardized record format 50 which is peated from the subdirectory under HOLD directory 
transmitted between nodes allows the independent data- 66. 

bases associated with each node to be able to share 20 FIGS. 6 and 7 illustrate the status of parameters asso- 

information with other nodes without requiring manual dated with a record relative to nodes 12, 22, and 26 of 

re-entry of the information at another database because FIG. 1 at time intervals TO, Tl, T2, T3, and T4. The 

of different record and field structures. state of the parameters shown in FIGS. 6 and 7 reflect 

In a preferred embodiment of the present invention, states at the end of each interval. Time TO corresponds 

one of the fields in standardized record format 50 identi- 25 to user node 12 creating a new record indicative of a 

fies if the record contains information which should be problem. A unique ticket number which also identifies 

interpreted by another node as a trouble ticket, Le. the originating node is assigned, Le. UN 12-1487. User 

typically a request for help by another node, and an- node 12 is also identified as the originator and owner of 

other field contains a description of the product or the trouble ticket; note the originator and owner rows 

manufacturer of the product associated with the prob- 30 in FIG. 6. The status of the trouble ticket is "open". In 

lem. Each node preferably maintains in memory an the illustrative example the record was created and 

address map which identifies the support node to re- entered in the local database of node 12 without causing 

ceive a copy of the record dependent upon the equip- the record to be transmitted as a trouble ticket to direct 

ment manufacturer or product entered in the corre- support node 22. This indicates that records may be 

sponding record field. Thus, a user as illustrated in FIG. 35 opened and potentially closed by the originating user if 

1 does not have to provide an address of the direct the user determines a solution or otherwise decides that 

support node associated with the problem since this a trouble ticket is not to be generated. Thus the user's 

addressing will be accomplished automatically merely database can store records that are not trouble tickets, 

by the user initiating the trouble ticket. Since the data- Assuming that node 12 now wishes to communicate 

base interface 44 is coupled to the communication pro- 40 the stored record as a trouble ticket for direct support 

gram 48 and monitors changes made to records in the node 22, a person at node 12 will load the stored infor- 

local database, a person entering data in local database mation from the local database 46 into database inter- 

46 need only change the ownership field in a trouble face 44 which includes the parameters as shown. The 

ticket in order to initiate transmission of the record to owner is changed from node 12 to node 22. The owner- 

the appropriate supporting node. It is contemplated that 45 ship parameter identifies the node from which help is 

the user can be coupled by the communication network sought The ownership of a given ticket may change 

to a variety of different support nodes which support from time to time depending upon the node from which 

different products. help is sought User node 12 always remains the origina- 

FIG. 5 illustrates an exemplary directory structure, tor and the ticket number is never changed during the 

preferably associated with each node, in accordance 50 communication of records from node to node. This 

with the present invention, in order to facilitate commu- allows each trouble ticket to be assigned a sequential 

nications. Node directory 56 is the highest level direc- number by each node. At user node 12, the record is 

tory which interacts with communication network 27 to placed in node 22 of the OUT directory 64 for transmis- 

receive communications from the network which are sion to node 22 by the communication program. Upon 

addressed to the node and to transmit communications 55 receiving the record at node 22, it is placed under IN 

to another node in the network. Subdirectory BIN 58 directory 62 in the subdirectory corresponding to user 

contains the communication program 60 in accordance node 1Z It is then transferred to the local database 46 of 

with the present invention. The communication pro- node 22. Thus, following the successful completion of 

gram 60 is explained, especially with regard to the flow the transmission, the identical record will exist at nodes 

diagram of FIGS. 8 and 9. Subdirectories 62, 64, and 66 60 12 and 22. 

each have symmetrical file structures. Each of these In this example, a service provider at node 22 is un- 

subdirect ries contains a structure in which one alio- able to handle the problem associated with ticket UN 

cated subdirectory is maintained for each node in the 12-1487 and makes a determination that the ticket 

system. Each record received by node directory 56 is should be escalated to node 26 for additional help from 

placed under IN directory 62 and the subdirectory 65 the technical experts in problem solving. At node 22, 

which corresponds to the node which transmitted the the record is retrieved from the local database into the 

record. These files arc periodically scanned by the data- database interface and the ownership changed from 

base interface 44 to check for received files. Received node 22 t node 26. Node 22 transmits the record at 
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time period T2 to node 26 in a similar manner explained utilized in which to check for multiple records to be 
as for the transmission from node 12 to node 22. In transmitted to the same destination. Step 78 represents 
addition, node 22 transmits the updated record to node that the record is held waiting for an OUT transmission 
12 so that all nodes in the network will maintain identi- cycle to be started. At the end of the cycle, the record 
cal data for each ticket. Each node in the network main- s is sent to the destination node, as indicated in step 80 
tains an address table which identifies the node from through communication network 27. In step 82 a copy 
which it received each trouble ticket and thus, permits of the transmitted record is placed in the destination 
a daisy-chain addressing by which updated tickets are node subdirectory under the HOLD directory. In deci- 
transmitted to the nodes which contain corresponding sion step 84 a determination is made if an acknowledge- 
stored records. Node 26 receives the record and stores 10 ment has been received from the destination node 
it in its local database. Preferably, upon receipt of each within a predetermined time. If NO, control transfers to 
ticket at each node, a corresponding e-mail message is the beginning of step 78 to initiate a retransmission of 
generated to the person at the node associated with the record. Upon a YES detennination by step 84, the 
handling such tickets. Thus, at the end of tune interval record stored in the destination node subdirectory 
T2, nodes 12, 22, and 26 will each contain an identical IS under HOLD is deleted since a retransmission will not 
copy of the ticket in each's database. be required. The transmission step terminates at END 
After considering the substance of the problem indi- 88. Thus, in accordance with the transmission accord- 
cated in the ticket, node 26 may make a determination ing to the present invention, a trouble ticket or record is 
of the cause of the problem and provide a solution. The transmitted to another node in standardized record 
documentation for the problem cause and the proposed 20 format based upon a corresponding local database re- 
solution will be included as updated information to the cord format 

ticket during time interval T3 and the status changed by FIG. 9 is a flow diagram illustrating steps in accor- 

node 26 from "open" to "solved". Node 26 initiates an dance with the present invention for receiving a record 

update transmission of the ticket to node 22 which in the transmitted from another node. Beginning at START 

daisy-chain manner retransmits the updated ticket back 25 90, the general node directory 56 receives a record 

to the originating node 12. It will also be noted that at addressed for the subject node as indicated in step 92. In 

time interval T3 the owner is changed from node 26 to step 94 the received record is put under the IN direc- 

user node 12, indicating that further disposition of the tory in the subdirectory of the node which transmitted 

problem ticket with the proposed solution rests with the the record. In step 96 the record is copied from the 

user at node 12. 30 subdirectory under the IN directory to the database 

The user at node 12 considers the proposed solution interface 44 as a standardized record format. In step 95 
and accepts the solution proposed. During time interval an acknowledgement is sent to the node which transmit- 
T4, the user at node 12 changes the status of the mes- ted the record acknowledging its successful receipt In 
sage from solved to closed and transmits the updated step 98 the database 46 is updated by the database inter- 
record to node 22 which in daisy-chain manner trans- 35 nice 44 translating the standardized record format and 
mhs the message to node 26. As illustrated in time T4, storing the record in the local database 46. A determina- 
each of the nodes communicating relative to the illustra- tion is made in step 102 of whether to transmit the re- 
tive trouble ticket will contain an identical record cord to another node. This decision is based upon the 
which indicates the status of the ticket is closed thereby destination contained with the record and the owner of 
ending further problem solving consideration of the 40 the record. For example, if an originating node identi- 
item by direct support providers at node 22 and the fies the owner as a node other than an intermediate node 
technical experts at central support node 26. The record which receives the record, the intermediate node will 
can be maintained in the local database of the respective recognize the need to transmit the record to the desig- 
nodes and utilized for other related problems should nated owner. Upon a YES determination by step 102, 
similar problems occur, the record can also be used for 45 control passes as indicated by transfer point "A" 104 
statistical data purposes. back to step 74 as shown in FIG. 8. The transmission 

FIG. 8 is a flow diagram illustrating steps in the trans- then continues as previously explained with regard to 
mission of a record to another node. Begmning at FIG. 8. A NO detennination by step 102 indicates that 
START 68, the record to be transmitted is loaded from further transmission is not required and concludes the 
the local database to the standard record format of the 50 receipt of the record at END 106. 
database interface 44 as indicated by step 70. It will be In accordance with the present invention, a user 
understood by those skilled in the art that the record friendly communication system is provided in which all 
may also be directly entered by the user into the data- nodes in the system requiring access to a record main- 
base interface as well as being retrieved from storage in tains the record in a local database. Subsequent updates 
the local database. In step 72 the user requests transmis- 55 of the record by any node are automatically distributed 
sion of the record to another node such as by changing to the other nodes by utilizing a standardized record 
the ownership of the record. The address of the destina- format Thus, the present invention provides an ra- 
tion node is determined in step 74. In a preferred em- hanced communication system allowing independent 
bodiment of the present invention, the destination is database flexibility while still providing the relevant 
determined from an originating node based upon a 60 nodes in the network with up-to-date records, 
stored table which correlates the address of the node Although an embodiment of the present invention has 
which services the equipment identified by the trouble been described and shown in the drawings, the scope of 
ticket Alternatively, the user at the originating node the invention is defined by the claims which follow, 
can directly enter the address of the node from which We claim: 

help is sought. Next, a copy of the trouble ticket Is 65 1. A communication system comprising: 

placed in the destination node (DN) subdirectory under first and second nodes coupled to each other; 

the OUT directory. In accordance with the communi- first and second databases associated with said first 

cation program, a predetermined time Interval can be and second nodes respectively, each store records, 



04/30/2004, EAST 



Version; 1.4.1 



5,446, 

9 

said first database storing said records in a first field 
format and said second database storing said re- 
cords in a second field format which is different 
from said first field format; 

means at said first and second nodes for transmitting 5 
records having standardized format to and receiv- 
ing records having standardized format from the 
other of said first and second nodes, said standard- 
ized format being different from said first and sec- 
ond field formats; 10 

means at said first node for automatically translating 
a received standardized format record into said 
first field format record for storage in said first 
database and for automatically translating a first 
field format record stored in said first database into 15 
standardized format record for transmission to said 
second node; 

means for independently identifying an originator 
and an owner of each record, said translating and 
transmitting means acting to translate and transmit 20 
a first record contained in said first database associ- 
ated with said first node to said second database 
associated with said second node based upon entry 
in said first record of an owner associated with said 
second database, wherein records in said first data- 25 
base that do not identify an owner are not transmit- 
ted to said second database; 

said identifying means permitting the identified 
owner of a duplicate record stored at the second 
database and corresponding to said first record to 30 
be changed thereby changing responsibility for 
acting on the duplicate record and causing the 
duplicate record with changed ownership to be 
automatically transmitted to a database associated 
with the changed owner. 35 

2. The system according to claim 1 further compris- 
ing a plurality of other nodes in addition to said first and 
second nodes, said other nodes comprising: 

a database; 

means for transmitting standardized format records 40 
and receiving standardized format records and 

means for automatically translating a received stan- 
dardized format record into its field format record 
for storage in its database and for automatically 
translating a record stored in its database into a 45 
standardized format record for transmission to one 
of said first, second, and other nodes. 

3. The system according to claim 1 further compris- 
ing means associated with said second node for auto- 
matically transmitting a copy of an updated first record 50 
based on the original record from said second database 

to the first database containing the corresponding origi- 
nal record, said first database storing said updated first 
record 

4. The system according to claim 1 further compris- 55 
ing means for labeling each record at its creation with a 
unique identification number which identifies all corre- 
sponding records in the communication system. 

5. A first node for use in a communications system 
having a plurality of nodes, said first node comprising: 60 

first database that stores records in a first field format; 

means for transmitting records having standardized 
format to and receiving records having standard- 
ized format from one of said nodes, said standard- 
ized format being different from said first field 65 
format; 

means for automatically translating a standardized 
format record into said first field format for storage 



10 

in said first database and for automatically translat- 
ing a first field format record stored in said first 
database into a standardized format record for 
transmission to one of said nodes; 

means for independently identifying an originator 
and an owner of each record, said translating and 
transmitting means acting to translate and transmit 
a first record contained in said first database associ- 
ated with said first node to a second database asso- 
ciated with a second node based upon entry in said 
first record of an owner associated with said sec- 
ond database, wherein records in said first database 
that do not identify an owner are not transmitted to 
said second database; 

said identifying means permitting the identified 
owner of a duplicate record stored at the second 
database and corresponding to said first record to 
be changed thereby changing responsibility for 
acting on the duplicate record and causing the 
duplicate record with changed ownership to be 
automatically transmitted to a database associated 
with the changed owner. 

6. The node according to claim 5 further comprising 
means for automatically sending records stored in the 
first database that have been modified to other nodes 
which contain corresponding records thereby keeping 
corresponding records at other nodes updated. 

7. The node according to claim 5 further comprising 
means for labeling each record at its creation with a 
unique identification number which always identifies all 
corresponding records in other nodes in the communi- 
cation system. 

8. A method for handling records in a communica- 
tions system which includes at least first and second 
nodes having first and second databases, respectively, 
said first database storing records in a first field format 
and said second database storing records in a second 
field format which is different from said first field for- 
mat, said method comprising the steps of: 

transmitting records having a standardized format 
from said first node and receiving records having a 
standardized format at said first node from said 
second node, said standardized format being differ- 
ent from said first and second field formats; 

auto maticall y t ranslatin g a standardized format re- 
cord received by said first node into said first field 
format record for storage in said first database and 
for automatically translating a first field format 
record stored in said first database into a standard- 
ized format record for transmission to said second 
node; 

independently identifying an originator and an owner 
of each record, said translating and transmitting 
steps translating and transmitting a first record 
contained in said first database associated with said 
first node to said second database associated with 
said second node based upon entry in said first 
record of an owner associated with said second 
database, wherein records in said first database that 
do not identify an owner are not transmitted to said 
second database; 

said identifying step permitting the identified owner 
of a duplicate record stored at the second database 
and corresponding to said first record to be 
changed thereby changing resp risibility for acting 
on the duplicate record and causing the duplicate 
record with changed ownership to be automati- 
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cally transmitted to a database associated with the 
changed owner. 

9. The meth d according to claim 8 further compris- 
ing the step of automatically updating records st red in 
databases of other nodes upon a corresponding record 5 
being modified at one node in the communication sys- 
tem. 

10. The method according to claim 8 further compris- 
ing the step of labeling each record at its creation with 

a unique identification number which identifies all cor- 10 
responding records in other databases in the communi- 
cation system. 

11 The method according to claim 8 wherein said 
identifying step permits the owner of a corresponding 
set of records to be changed by any node which stores 
one of the corresponding records thereby allowing the 
responsibility for acting on the record to be changed. 

1Z A method for handling records by a node in a 
communications system having other nodes, said ^ 
method comprising the steps of: 

storing records using a first field format in a first 
database; 

transmitting records having a standardized format to 
and receiving records having a standardized format 25 
from said other nodes, said standardized format 
being different from said first field format; 

automatically translating a standardized format re- 
cord received from one of said other nodes into a 
first field format record and storing said translated 30 
record in said first database; 

translating a first field format record stored in said 
first database into standardized format record and 
transmitting said standardized record to at least one 
of said other nodes; 35 
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independently identifying an originator and an owner 
of each record, said translating and transmitting 
steps translating and transmitting a first record 
contained in said first database associated with said 
first node to said second database associated with 
said second node based upon entry in said first 
record of an owner associated with said second 
database, wherein records in said first database that 
do not identify an owner are not transmitted to said 
second database; 

said identifying step permitting the identified owner 
of a duplicate record stored at the second database 
and corresponding to said first record to be 
changed thereby changing responsibility for acting 
on the duplicate record and causing the duplicate 
record with changed ownership to be automati- 
cally transmitted to a database associated with the 
changed owner. 

13. The method according to claim 12 further com- 
prising the step of automatically sending records stored 
in the first database that have been modified by a user to 
other nodes, which contain corresponding records 
thereby keeping corresponding records at other nodes 
updated. 

14. The method according to claim 12 further com- 
prising the step of labeling each record at its creation 
with a unique identification number which identifies all 
corresponding records in other nodes in the communi- 
cation system. 

15. The method according to claim 12 wherein said 
identifying step permits the owner of a corresponding 
set of records to be changed by a node which stores one 
of the corresponding records thereby allowing the re- 
sponsibility for acting on the record to be changed. 

t * * * * 
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